Updated mbedtls packages fix security vulnerability
Publication date: 10 Jan 2019Modification date: 10 Jan 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-19608
Description
A vulnerability was found in mbedTLS which allows a local unprivileged
attacker to recover the plaintext of RSA decryption, which is used in
RSA-without-(EC)DH(E) cipher suites (CVE-2018-19608).
References
- https://bugs.mageia.org/show_bug.cgi?id=24064
- https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-03
- https://tls.mbed.org/tech-updates/releases/mbedtls-2.14.0-2.7.7-and-2.1.16-released
- https://tls.mbed.org/tech-updates/releases/mbedtls-2.14.1-2.7.8-and-2.1.17-released
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/JPMHKBJDZVFFML2CJYXG3ELX7ADDG6ET/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19608
SRPMS
6/core
- mbedtls-2.7.8-1.mga6